Your privacy is important to Aware, Inc. (“Aware”), a provider of biometric software and services (the “Service”). This Privacy Policy describes the information practices for Aware websites and applications, including what type of information is gathered and tracked, how the information is used, and with whom the information is shared in accordance with applicable data privacy laws, including but not limited to the General Data Protection Regulation (“GDPR”). As described below, this policy also applies to your offline interactions with Aware, such as when you license software subject to an End-User License Agreement or enter into Terms of Service for an Aware offering or provide information to Aware at a trade show or other event.
Should you have any questions about this Privacy Policy you can contact us at [email protected].
We may supplement this Privacy Policy. Those supplemental notices should be read together with this Privacy Policy.
“Personal Data” means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a personal profile, an email address, or other contact information, one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity, and biometric information. Personal Data does not include data from which you can no longer be identified, such as anonymized data.
“Biometric Data” means information about your physical or biological characteristics (some jurisdictions call these “biometric identifiers”) that identify you. Information like eye, hand, or facial images; fingerprints; and voiceprints may be considered biometric data if they are being used to identify you. This list is not exhaustive, and the definitions of biometric data may vary under different laws.
This Privacy Policy discloses what Personal Data we gather, how we use it, and how you can correct or change it. It is our intention to give you as much control over your Personal Data as possible to preserve your privacy, while still allowing us to utilize that Personal Data in the course of our business to provide you a valuable service. Our site does collect cookies, which may include Personal Data, necessary for the basic function of our website, but only with your consent.
Personal Data We Collect
The kinds of Personal Data we collect may include but may not be limited to:
Our Basis for Processing Your Personal Data
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:
Some processing of your Personal Data by Aware or its affiliates, subsidiaries, or agents may require us to transfer it from where it was collected to a third country. If your Personal Data was collected from a European Economic Area country or Brazil, we will transfer your Personal Data to a third country only if the appropriate authority has issued a decision that the third country provides adequate protections for your Personal Data, we include appropriate standard contractual clauses in our agreement pursuant to which the data is transferred, or with your consent.
How We Collect Personal Data
Aware collects Personal Data when:
Aware may also collect Personal Data from individuals (with their consent) at conventions, trade shows and expositions.
What Do We Use Personal Data For?
We will use your Personal Data to operate and improve our sites and the Service and deliver the Service or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making the sites or services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services, and technologies; and displaying content and advertising that are customized to your interests and preferences.
We also use your Personal Data to communicate with you. We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. We may contact you to inform you of other products or services available from Aware and its affiliates. We also may share content with you that you may find interesting or useful based upon your prior interactions with Aware. You may unenroll in promotional emails at any time pursuant to the instructions contained within such emails.
How Do We Transfer Personal Data?
We may transfer your Personal Data to our third-party service providers (such as a server hosting provider), but only to provide our services to you. We require third parties to whom we transfer your Personal Data to protect your Personal Data at least as strongly as we do. We may disclose your Personal Data to others under the same conditions as those under which we may process your Personal Data. See “Our Basis for Processing Your Personal Data,” above.
We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to enter into a contract with you or send you the requested information and you may be unable to access certain programs and services that involve our interaction with you.
Aware shares Personal Data with companies working on our behalf. Except as described in this statement, we will not disclose your Personal Data to third parties for their own marketing purposes unless you have provided consent.
Some Aware services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Aware and the other company may receive information collected as part of the co-branded services.
In some cases, Aware uses contractors to collect, use, analyze and otherwise process information on its behalf. It is Aware’s practice to require such suppliers to handle information in a manner consistent with Aware’s policies. Aware may also allow carefully selected Aware partners to participate in limited marketing campaigns solely to promote Aware’s products and services to you.
If you request something from an Aware Site (for example, a product or service, a callback, or specific marketing materials), we will use the information you provide to fulfill your request. As part of a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
We may hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, hosting websites, processing transactions, or performing statistical analysis of our services. Those companies will be permitted to obtain only the Personal Data they need to deliver the service. We require them to process the data only when they have a lawful basis for doing so.
You may have some of the following rights as an individual which you can exercise, based on the jurisdiction in which you live, in relation to your Personal Data that we hold. These rights may include:
If you want to exercise one of these rights, please contact us at [email protected]. We will in general respond to European residents’ requests within one month, although we may extend the period for two further months if necessary. We will respond to Brazilian residents’ requests to confirm the existence of processing and access their Personal Data within 15 days, and Brazilian residents’ other requests within the relevant regulated time-period.
You also have the right to make a complaint at any time to the supervisory authority for data protection issues or, for EU residents, any other competent supervisory authority of an EU member state. You may request from us the contact information for the appropriate authority.
In case you have provided your consent to the collection, processing, and transfer of your Personal Data, you have the right to withdraw your consent fully or partly. To withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless we have another lawful basis for processing your Personal Data.
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we have a lawful basis to process it.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Policy. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may also charge you a reasonable fee if you request multiple copies of your Personal Data.
Aware Business Client. An Aware customer/client who has subscribed to an Aware SaaS product to utilize the Service. Aware makes the Service available to an Aware Business Client for integration into those third parties’ websites, applications, and online services or for direct use through the Aware Authenticator Application.
Data Processor. Aware collects, uses, and discloses individual users’ information only as directed by the Aware Business Client and, accordingly, under applicable data protection laws, Aware is a processor or service provider (“data processor”) of user information with respect to the Service and not a controller, owner or business (“data controller”).
How Aware shares personal information with other entities. In general, Aware shares the personal information that we collect in connection with the Service as discussed below. Aware shares personal information only as directed by the Aware Business Client, and thus the following language is subject to the privacy policy of the Aware Business Client.
Customer Data Controller. Aware shares the personal information that Aware collects on behalf of a particular Aware Business Client with that particular Aware Business Client, sometimes called a “Customer Data Controller.”
Legal purposes. Aware may also use or share your personal information with third parties when we have reason to believe that doing so is necessary:
How Aware uses your Biometric Data as part of the Aware Authenticator Application. Aware may use your biometric data to allow you to enroll in and/or authenticate in the service(s) you have selected from an Aware Business Client.
Enrollment
By consenting to use the application, Aware may collect one or more biometric identifiers that are captured by the device through the mobile application and transmitted to Aware’s biometric cloud service for analysis. Aware may analyze those biometric identifiers for liveness and may compare your facial image to a facial image scanned from an identification document solely for the purposes of verifying identity. The verified identity may be enrolled and stored by the Aware Business Client who maintains ownership of the stored data.
Authentication
By consenting to use the authentication services, Aware may collect biometric identifiers at the time of authentication to compare one or more of the biometric identifiers captured during enrollment which are stored and owned by the Aware Business Client.
Retention
Aware will retain the biometric data, including the photo of your face and photo or scan of your identification document, for the amount of time requested by the Aware Business Client through which you used Aware’s Service. In no event will Aware store your biometric data after Aware ceases to have a customer relationship with the Aware Business Client through which you used Aware’s Service.
Information for California Residents. Aware process your personal information on behalf of the Aware Business Client pursuant to a written agreement for the Service. As such, Aware acts as a service provider to the Aware Business Client. Moreover, Aware does not sell your personal information as the terms “sell” and “personal information” are defined by California Civil Code Sec. 1798.`00 et seq. (the “CPRA”, also known as the California Consumer Privacy Act “CCPA”) and, in providing its services to the Aware Business Client, Aware will not retain, use, or disclose your personal information to any other third parties that would constitute “selling” as the term is defined in the CPRA. Any questions or requests regarding Aware’s processing of your personal information in respect to your rights under the CPRA should be directed to the Aware Business Client that is responsible for your personal information.
Information for Illinois residents. Aware’s collection of personal information may include Biometric Data, and Aware may share such Biometric Data with the Aware Business Client. Aware may collect, process and store your Biometric Data for the purpose of the Service and long-term proof of inspection of your provided form of identification, on behalf of and as instructed by the Aware Business Client (e.g., the duration of your use of its services), which shall be no longer than the earlier of the date when (i) the Aware Business Client ceases to have a relationship with Aware or (ii) within three (3) years after the Aware Business Client informs Aware that its last interaction with you has occurred.
We reserve the right to update this Privacy Policy at any time, and we will make an updated copy of such Privacy Policy available on our website.
Collection of Information by Third-Party Sites. We may use a reputable third party to present or serve advertisements that you may see on the Service. These third-party ad servers may use cookies, web beacons, clear gifs, or similar technologies to help present such advertisements, and to help measure and research the advertisements’ effectiveness. The use of these technologies by these third-party ad servers is subject to their own privacy policies and is not covered by our Privacy Policy.
Links to Other Sites. The Service may contain links to third party websites that are not owned or controlled by us. We are not responsible for the privacy practices or the content of such other third-party websites, and you visit them at your own risk.
Children’s Privacy. The Service is neither directed to nor structured to attract children under the age of 16 years. Accordingly, we do not intend to collect Personal Data from anyone we know to be under 16 years of age. We will direct potential users under 16 years of age not to use the Service. If we learn that Personal Data of persons less than 16 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, or if there are any questions or concerns about the Privacy Policy for the Service or its implementation, please contact us at [email protected].
Security. The security of your Personal Data is important to us. We follow generally accepted industry standards, including the use of appropriate administrative, physical, and technical safeguards to protect the Personal Data submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Data, we cannot guarantee its absolute security or confidentiality. If you have any questions about security, you can contact us at [email protected].
Please be aware that certain Personal Data and other information provided by you in connection with your use of the Service may be stored on your device (even if we do not collect that information). You are solely responsible for maintaining the security of your device from unauthorized access.
Merger, Sale or Bankruptcy. If we are acquired by or merged with a third-party entity, or if we are subject to a bankruptcy or any comparable event, we reserve the right to transfer or assign Personal Data in connection therewith.
California Online Privacy Protection Act Notice
On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to “Do Not Track Signals”; and whether third parties collect personally identifiable information about users when they visit us.
(1) We do not track users who do not interact with the website sharing functionality across the web, and therefore do not use “do not track” signals.
(2) We do not authorize the collection of personally identifiable information from our users for third party use through advertising technologies without separate member consent.
California Civil Code Section 1798.83 also permits our customers who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected]. Please note that we are only required to respond to one request per customer each year.
Commitment. We are committed to protecting your privacy. If you have any comments or questions regarding our Privacy Policy or Personal Data that we may be storing and using, please contact us at [email protected].
Dispute Resolution
Aware commits to resolve complaints about your privacy and our collection or use of your Personal Data. Individuals with inquiries or complaints regarding this privacy policy should first contact Aware at:
[email protected] or (781) 276-4000
Aware is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
If you have any concerns or require any further information, please do not hesitate to contact [email protected].